History: Aug 31, 2021 - 9:02 p.m.

CVE-2021-22002

2021-08-31 21:02:21
vmware
www.cve.org

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

VMware Workspace ONE Access and Identity Manager allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app. In addition, a malicious actor could access /cfg diagnostic endpoints without authentication.

CNA Affected

[
  {
    "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6."
      }
    ]
  }
]
